"""
 *
 * Copyright (c) 2019 Cisco Systems, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *   Redistributions of source code must retain the above copyright
 *   notice, this list of conditions and the following disclaimer.
 *
 *   Redistributions in binary form must reproduce the above
 *   copyright notice, this list of conditions and the following
 *   disclaimer in the documentation and/or other materials provided
 *   with the distribution.
 *
 *   Neither the name of the Cisco Systems, Inc. nor the names of its
 *   contributors may be used to endorse or promote products derived
 *   from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 *
"""

TLS_VERSION = {
    '0002': 'SSL 2.0',
    '0300': 'SSL 3.0',
    '0301': 'TLS 1.0',
    '0302': 'TLS 1.1',
    '0303': 'TLS 1.2',
    '0304': 'TLS 1.3',
    '7f0e': 'TLS 1.3 (draft 14)',
    '7f0f': 'TLS 1.3 (draft 15)',
    '7f10': 'TLS 1.3 (draft 16)',
    '7f11': 'TLS 1.3 (draft 17)',
    '7f12': 'TLS 1.3 (draft 18)',
    '7e02': 'TLS 1.3 (draft 18-mozilla-pr-1092)',
    '7f13': 'TLS 1.3 (draft 19)',
    '7f14': 'TLS 1.3 (draft 20)',
    '7f15': 'TLS 1.3 (draft 21)',
    '7f16': 'TLS 1.3 (draft 22)',
    '7f17': 'TLS 1.3 (draft 23)',
    '7f18': 'TLS 1.3 (draft 24)',
    '7f19': 'TLS 1.3 (draft 25)',
    '7f1a': 'TLS 1.3 (draft 26)',
    '7f1b': 'TLS 1.3 (draft 27)',
    '7f1c': 'TLS 1.3 (draft 28)',
    '0a0a': 'GREASE', # GREASE compatibility versions
    '1a1a': 'GREASE',
    '2a2a': 'GREASE',
    '3a3a': 'GREASE',
    '4a4a': 'GREASE',
    '5a5a': 'GREASE',
    '6a6a': 'GREASE',
    '7a7a': 'GREASE',
    '8a8a': 'GREASE',
    '9a9a': 'GREASE',
    'aaaa': 'GREASE',
    'baba': 'GREASE',
    'caca': 'GREASE',
    'dada': 'GREASE',
    'eaea': 'GREASE',
    'fafa': 'GREASE',
}

TLS_RECORD_TYPES = {
    20: 'change_cipher_spec',
    21: 'alert',
    22: 'handshake',
    23: 'application_data',
}

TLS_HANDSHAKE_MESSAGE_TYPES = {
    1: 'client_hello',
    2: 'server_hello',
    4: 'new_session_ticket',
    8: 'encrypted_extensions',
    11: 'certificate',
    12: 'server_key_exchange',
    14: 'server_hello_done',
    15: 'certificate_verify',
    16: 'client_key_exchange',
    20: 'finished',
    203: 'channel_id',
}

TLS_HANDSHAKE_MESSAGE_NAMES = [
    'client_hello',
    'server_hello',
    'new_session_ticket',
    'encrypted_extensions',
    'certificate',
    'server_key_exchange',
    'server_hello_done',
    'certificate_verify',
    'client_key_exchange',
    'finished',
    'channel_id',
]


TLS_ALERT_LEVELS = {
    1: 'warning',
    2: 'fatal',
}

TLS_ALERT_DESCRIPTIONS = {
    0: 'close_notify',
    10: 'fatal',
    20: 'bad_record_mac',
    21: 'decryption_failed',
    22: 'record_overflow',
    30: 'decompression_failure',
    40: 'handshake_failure',
    41: 'no_certificate_RESERVED',
    42: 'bad_certificate',
    43: 'unsupported_certificate',
    44: 'certificate_revoked',
    45: 'certificate_expired',
    46: 'certificate_unknown',
    47: 'illegal_parameter',
    48: 'unknown_ca',
    49: 'access_denied',
    50: 'decode_error',
    51: 'decrypt_error',
    60: 'export_restriction_RESERVED',
    70: 'protocol_version',
    71: 'insufficient_security',
    80: 'internal_error',
    86: 'inappropriate_fallback',
    90: 'user_canceled',
    100: 'no_renegotiation',
    110: 'unsupported_extension',
    111: 'certificate_unobtainable',
    112: 'unrecognized_name',
    113: 'bad_certificate_status_response',
    114: 'bad_certificate_hash_value',
    115: 'unknown_psk_identity',
}

TLS_COMPRESSION_METHODS = {
    0: 'null',
}

TLS_EXTENSIONS = {
    0: 'server_name',
    1: 'max_fragment_length',
    2: 'client_certificate_url',
    3: 'trusted_ca_keys',
    4: 'truncated_hmac',
    5: 'status_request',
    6: 'user_mapping',
    7: 'client_authz',
    8: 'server_authz',
    9: 'cert_type',
    10: 'supported_groups',
    11: 'ec_point_formats',
    12: 'srp',
    13: 'signature_algorithms',
    14: 'use_srtp',
    15: 'heartbeat',
    16: 'application_layer_protocol_negotiation',
    17: 'status_request_v2',
    18: 'signed_certificate_timestamp',
    19: 'client_certificate_type',
    20: 'server_certificate_type',
    21: 'padding',
    22: 'encrypt_then_mac',
    23: 'extended_master_secret',
    24: 'token_binding',
    25: 'cached_info',
    35: 'SessionTicket TLS',
    40: 'key_share',
    41: 'pre_shared_key',
    42: 'early_data',
    43: 'supported_versions',
    44: 'cookie',
    45: 'psk_key_exchange_modes',
    47: 'certificate_authorities',
    48: 'oid_filters',
    49: 'post_handshake_auth',
    30032: 'channel_id',
    35655: 'padding (NSS 3.15.5)',
    65281: 'renegotiation_info',
    2570: 'GREASE', # GREASE compatibility extensions
    6682: 'GREASE',
    10794: 'GREASE',
    14906: 'GREASE',
    19018: 'GREASE',
    23130: 'GREASE',
    27242: 'GREASE',
    31354: 'GREASE',
    35466: 'GREASE',
    39578: 'GREASE',
    43690: 'GREASE',
    47802: 'GREASE',
    51914: 'GREASE',
    56026: 'GREASE',
    60138: 'GREASE',
    64250: 'GREASE',
}

SSLv2_CIPHER_SUITE_NAMES = {
    '010080': 'SSL_CK_RC4_128_WITH_MD5',
    '020080': 'SSL_CK_RC4_128_EXPORT40_WITH_MD5',
    '030080': 'SSL_CK_RC2_128_CBC_WITH_MD5',
    '040080': 'SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5',
    '050080': 'SSL_CK_IDEA_128_CBC_WITH_MD5',
    '060040': 'SSL_CK_DES_64_CBC_WITH_MD5',
    '0700c0': 'SSL_CK_DES_192_EDE3_CBC_WITH_MD5',
}

TLS_CIPHER_SUITE_NAMES = {
    "0000": "TLS_NULL_WITH_NULL_NULL",
    "0001": "TLS_RSA_WITH_NULL_MD5",
    "0002": "TLS_RSA_WITH_NULL_SHA",
    "0003": "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    "0004": "TLS_RSA_WITH_RC4_128_MD5",
    "0005": "TLS_RSA_WITH_RC4_128_SHA",
    "0006": "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    "0007": "TLS_RSA_WITH_IDEA_CBC_SHA",
    "0008": "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    "0009": "TLS_RSA_WITH_DES_CBC_SHA",
    "000a": "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "000b": "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
    "000c": "TLS_DH_DSS_WITH_DES_CBC_SHA",
    "000d": "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA",
    "000e": "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
    "000f": "TLS_DH_RSA_WITH_DES_CBC_SHA",
    "0010": "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA",
    "0011": "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    "0012": "TLS_DHE_DSS_WITH_DES_CBC_SHA",
    "0013": "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
    "0014": "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
    "0015": "TLS_DHE_RSA_WITH_DES_CBC_SHA",
    "0016": "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    "0017": "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
    "0018": "TLS_DH_anon_WITH_RC4_128_MD5",
    "0019": "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
    "001a": "TLS_DH_anon_WITH_DES_CBC_SHA",
    "001b": "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",
    "001e": "TLS_KRB5_WITH_DES_CBC_SHA",
    "001f": "TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
    "0020": "TLS_KRB5_WITH_RC4_128_SHA",
    "0021": "TLS_KRB5_WITH_IDEA_CBC_SHA",
    "0022": "TLS_KRB5_WITH_DES_CBC_MD5",
    "0023": "TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
    "0024": "TLS_KRB5_WITH_RC4_128_MD5",
    "0025": "TLS_KRB5_WITH_IDEA_CBC_MD5",
    "0026": "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
    "0027": "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA",
    "0028": "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
    "0029": "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
    "002a": "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5",
    "002b": "TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
    "002c": "TLS_PSK_WITH_NULL_SHA",
    "002d": "TLS_DHE_PSK_WITH_NULL_SHA",
    "002e": "TLS_RSA_PSK_WITH_NULL_SHA",
    "002f": "TLS_RSA_WITH_AES_128_CBC_SHA",
    "0030": "TLS_DH_DSS_WITH_AES_128_CBC_SHA",
    "0031": "TLS_DH_RSA_WITH_AES_128_CBC_SHA",
    "0032": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
    "0033": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "0034": "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    "0035": "TLS_RSA_WITH_AES_256_CBC_SHA",
    "0036": "TLS_DH_DSS_WITH_AES_256_CBC_SHA",
    "0037": "TLS_DH_RSA_WITH_AES_256_CBC_SHA",
    "0038": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
    "0039": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "003a": "TLS_DH_anon_WITH_AES_256_CBC_SHA",
    "003b": "TLS_RSA_WITH_NULL_SHA256",
    "003c": "TLS_RSA_WITH_AES_128_CBC_SHA256",
    "003d": "TLS_RSA_WITH_AES_256_CBC_SHA256",
    "003e": "TLS_DH_DSS_WITH_AES_128_CBC_SHA256",
    "003f": "TLS_DH_RSA_WITH_AES_128_CBC_SHA256",
    "0040": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
    "0041": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
    "0042": "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA",
    "0043": "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA",
    "0044": "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",
    "0045": "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",
    "0046": "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA",
    "0062": "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA",
    "0063": "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA",
    "0064": "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA",
    "0065": "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA",
    "0066": "TLS_DHE_DSS_WITH_RC4_128_SHA",
    "0067": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
    "0068": "TLS_DH_DSS_WITH_AES_256_CBC_SHA256",
    "0069": "TLS_DH_RSA_WITH_AES_256_CBC_SHA256",
    "006a": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
    "006b": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
    "006c": "TLS_DH_anon_WITH_AES_128_CBC_SHA256",
    "006d": "TLS_DH_anon_WITH_AES_256_CBC_SHA256",
    "0084": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
    "0085": "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA",
    "0086": "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA",
    "0087": "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",
    "0088": "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
    "0089": "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA",
    "008a": "TLS_PSK_WITH_RC4_128_SHA",
    "008b": "TLS_PSK_WITH_3DES_EDE_CBC_SHA",
    "008c": "TLS_PSK_WITH_AES_128_CBC_SHA",
    "008d": "TLS_PSK_WITH_AES_256_CBC_SHA",
    "008e": "TLS_DHE_PSK_WITH_RC4_128_SHA",
    "008f": "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA",
    "0090": "TLS_DHE_PSK_WITH_AES_128_CBC_SHA",
    "0091": "TLS_DHE_PSK_WITH_AES_256_CBC_SHA",
    "0092": "TLS_RSA_PSK_WITH_RC4_128_SHA",
    "0093": "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA",
    "0094": "TLS_RSA_PSK_WITH_AES_128_CBC_SHA",
    "0095": "TLS_RSA_PSK_WITH_AES_256_CBC_SHA",
    "0096": "TLS_RSA_WITH_SEED_CBC_SHA",
    "0097": "TLS_DH_DSS_WITH_SEED_CBC_SHA",
    "0098": "TLS_DH_RSA_WITH_SEED_CBC_SHA",
    "0099": "TLS_DHE_DSS_WITH_SEED_CBC_SHA",
    "009a": "TLS_DHE_RSA_WITH_SEED_CBC_SHA",
    "009b": "TLS_DH_anon_WITH_SEED_CBC_SHA",
    "009c": "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "009d": "TLS_RSA_WITH_AES_256_GCM_SHA384",
    "009e": "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "009f": "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "00a0": "TLS_DH_RSA_WITH_AES_128_GCM_SHA256",
    "00a1": "TLS_DH_RSA_WITH_AES_256_GCM_SHA384",
    "00a2": "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
    "00a3": "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
    "00a4": "TLS_DH_DSS_WITH_AES_128_GCM_SHA256",
    "00a5": "TLS_DH_DSS_WITH_AES_256_GCM_SHA384",
    "00a6": "TLS_DH_anon_WITH_AES_128_GCM_SHA256",
    "00a7": "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
    "00a8": "TLS_PSK_WITH_AES_128_GCM_SHA256",
    "00a9": "TLS_PSK_WITH_AES_256_GCM_SHA384",
    "00aa": "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",
    "00ab": "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384",
    "00ac": "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256",
    "00ad": "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384",
    "00ae": "TLS_PSK_WITH_AES_128_CBC_SHA256",
    "00af": "TLS_PSK_WITH_AES_256_CBC_SHA384",
    "00b0": "TLS_PSK_WITH_NULL_SHA256",
    "00b1": "TLS_PSK_WITH_NULL_SHA384",
    "00b2": "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256",
    "00b3": "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384",
    "00b4": "TLS_DHE_PSK_WITH_NULL_SHA256",
    "00b5": "TLS_DHE_PSK_WITH_NULL_SHA384",
    "00b6": "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256",
    "00b7": "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384",
    "00b8": "TLS_RSA_PSK_WITH_NULL_SHA256",
    "00b9": "TLS_RSA_PSK_WITH_NULL_SHA384",
    "00ba": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",
    "00bb": "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256",
    "00bc": "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256",
    "00bd": "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256",
    "00be": "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
    "00bf": "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256",
    "00c0": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",
    "00c1": "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256",
    "00c2": "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256",
    "00c3": "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256",
    "00c4": "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",
    "00c5": "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256",
    "00ff": "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
    "5600": "TLS_FALLBACK_SCSV",
    "c001": "TLS_ECDH_ECDSA_WITH_NULL_SHA",
    "c002": "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
    "c003": "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
    "c004": "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
    "c005": "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
    "c006": "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
    "c007": "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
    "c008": "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
    "c009": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
    "c00a": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
    "c00b": "TLS_ECDH_RSA_WITH_NULL_SHA",
    "c00c": "TLS_ECDH_RSA_WITH_RC4_128_SHA",
    "c00d": "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
    "c00e": "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
    "c00f": "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
    "c010": "TLS_ECDHE_RSA_WITH_NULL_SHA",
    "c011": "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
    "c012": "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
    "c013": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "c014": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "c015": "TLS_ECDH_anon_WITH_NULL_SHA",
    "c016": "TLS_ECDH_anon_WITH_RC4_128_SHA",
    "c017": "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
    "c018": "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
    "c019": "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
    "c01a": "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA",
    "c01b": "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA",
    "c01c": "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA",
    "c01d": "TLS_SRP_SHA_WITH_AES_128_CBC_SHA",
    "c01e": "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA",
    "c01f": "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA",
    "c020": "TLS_SRP_SHA_WITH_AES_256_CBC_SHA",
    "c021": "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA",
    "c022": "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA",
    "c023": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
    "c024": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
    "c025": "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
    "c026": "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
    "c027": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "c028": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "c029": "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
    "c02a": "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
    "c02b": "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "c02c": "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "c02d": "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
    "c02e": "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
    "c02f": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "c030": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "c031": "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
    "c032": "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
    "c033": "TLS_ECDHE_PSK_WITH_RC4_128_SHA",
    "c034": "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA",
    "c035": "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",
    "c036": "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA",
    "c037": "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",
    "c038": "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384",
    "c039": "TLS_ECDHE_PSK_WITH_NULL_SHA",
    "c03a": "TLS_ECDHE_PSK_WITH_NULL_SHA256",
    "c03b": "TLS_ECDHE_PSK_WITH_NULL_SHA384",
    "c03c": "TLS_RSA_WITH_ARIA_128_CBC_SHA256",
    "c03d": "TLS_RSA_WITH_ARIA_256_CBC_SHA384",
    "c03e": "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256",
    "c03f": "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384",
    "c040": "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256",
    "c041": "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384",
    "c042": "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256",
    "c043": "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384",
    "c044": "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256",
    "c045": "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384",
    "c046": "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256",
    "c047": "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384",
    "c048": "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256",
    "c049": "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384",
    "c04a": "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256",
    "c04b": "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384",
    "c04c": "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256",
    "c04d": "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384",
    "c04e": "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256",
    "c04f": "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384",
    "c050": "TLS_RSA_WITH_ARIA_128_GCM_SHA256",
    "c051": "TLS_RSA_WITH_ARIA_256_GCM_SHA384",
    "c052": "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256",
    "c053": "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384",
    "c054": "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256",
    "c055": "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384",
    "c056": "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256",
    "c057": "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384",
    "c058": "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256",
    "c059": "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384",
    "c05a": "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256",
    "c05b": "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384",
    "c05c": "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256",
    "c05d": "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384",
    "c05e": "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256",
    "c05f": "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384",
    "c060": "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256",
    "c061": "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384",
    "c062": "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256",
    "c063": "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384",
    "c064": "TLS_PSK_WITH_ARIA_128_CBC_SHA256",
    "c065": "TLS_PSK_WITH_ARIA_256_CBC_SHA384",
    "c066": "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256",
    "c067": "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384",
    "c068": "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256",
    "c069": "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384",
    "c06a": "TLS_PSK_WITH_ARIA_128_GCM_SHA256",
    "c06b": "TLS_PSK_WITH_ARIA_256_GCM_SHA384",
    "c06c": "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256",
    "c06d": "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384",
    "c06e": "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256",
    "c06f": "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384",
    "c070": "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256",
    "c071": "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384",
    "c072": "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256",
    "c073": "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384",
    "c074": "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256",
    "c075": "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384",
    "c076": "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
    "c077": "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384",
    "c078": "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256",
    "c079": "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384",
    "c07a": "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256",
    "c07b": "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384",
    "c07c": "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256",
    "c07d": "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384",
    "c07e": "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256",
    "c07f": "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384",
    "c080": "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256",
    "c081": "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384",
    "c082": "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256",
    "c083": "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384",
    "c084": "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256",
    "c085": "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384",
    "c086": "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256",
    "c087": "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384",
    "c088": "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256",
    "c089": "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384",
    "c08a": "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256",
    "c08b": "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384",
    "c08c": "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256",
    "c08d": "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384",
    "c08e": "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256",
    "c08f": "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384",
    "c090": "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256",
    "c091": "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384",
    "c092": "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256",
    "c093": "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384",
    "c094": "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256",
    "c095": "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384",
    "c096": "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256",
    "c097": "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384",
    "c098": "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256",
    "c099": "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384",
    "c09a": "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256",
    "c09b": "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384",
    "c09c": "TLS_RSA_WITH_AES_128_CCM",
    "c09d": "TLS_RSA_WITH_AES_256_CCM",
    "c09e": "TLS_DHE_RSA_WITH_AES_128_CCM",
    "c09f": "TLS_DHE_RSA_WITH_AES_256_CCM",
    "c0a0": "TLS_RSA_WITH_AES_128_CCM_8",
    "c0a1": "TLS_RSA_WITH_AES_256_CCM_8",
    "c0a2": "TLS_DHE_RSA_WITH_AES_128_CCM_8",
    "c0a3": "TLS_DHE_RSA_WITH_AES_256_CCM_8",
    "c0a4": "TLS_PSK_WITH_AES_128_CCM",
    "c0a5": "TLS_PSK_WITH_AES_256_CCM",
    "c0a6": "TLS_DHE_PSK_WITH_AES_128_CCM",
    "c0a7": "TLS_DHE_PSK_WITH_AES_256_CCM",
    "c0a8": "TLS_PSK_WITH_AES_128_CCM_8",
    "c0a9": "TLS_PSK_WITH_AES_256_CCM_8",
    "c0aa": "TLS_PSK_DHE_WITH_AES_128_CCM_8",
    "c0ab": "TLS_PSK_DHE_WITH_AES_256_CCM_8",
    "c0ac": "TLS_ECDHE_ECDSA_WITH_AES_128_CCM",
    "c0ad": "TLS_ECDHE_ECDSA_WITH_AES_256_CCM",
    "c0ae": "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",
    "c0af": "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8",
    "cca8": "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    "cca9": "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
    "ccaa": "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    "ccab": "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256",
    "ccac": "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256",
    "ccad": "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256",
    "ccae": "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256",
    '1301': 'TLS_AES_128_GCM_SHA256', # TLS 1.3 cipher suites
    '1302': 'TLS_AES_256_GCM_SHA384',
    '1303': 'TLS_CHACHA20_POLY1305_SHA256',
    '1304': 'TLS_AES_128_CCM_SHA256',
    '1305': 'TLS_AES_128_CCM_8_SHA256',
    '0a0a': 'GREASE_cipher_suite_0a0a', # GREASE compatibility ciphers suites
    '1a1a': 'GREASE_cipher_suite_1a1a',
    '2a2a': 'GREASE_cipher_suite_2a2a',
    '3a3a': 'GREASE_cipher_suite_3a3a',
    '4a4a': 'GREASE_cipher_suite_4a4a',
    '5a5a': 'GREASE_cipher_suite_5a5a',
    '6a6a': 'GREASE_cipher_suite_6a6a',
    '7a7a': 'GREASE_cipher_suite_7a7a',
    '8a8a': 'GREASE_cipher_suite_8a8a',
    '9a9a': 'GREASE_cipher_suite_9a9a',
    'aaaa': 'GREASE_cipher_suite_aaaa',
    'baba': 'GREASE_cipher_suite_baba',
    'caca': 'GREASE_cipher_suite_caca',
    'dada': 'GREASE_cipher_suite_dada',
    'eaea': 'GREASE_cipher_suite_eaea',
    'fafa': 'GREASE_cipher_suite_fafa',
}

TLS_SIGNATURE_HASH_ALGORITHMS = {
    'efef': 'gostr34102012_512_gostr34112012_512',
    'eeee': 'gostr34102012_256_gostr34112012_256',
    'eded': 'gostr34102001_gostr3411',
    '080b': 'rsa_pss_pss_sha512',
    '080a': 'rsa_pss_pss_sha384',
    '0809': 'rsa_pss_pss_sha256',
    '0808': 'ed448',
    '0807': 'ed25519',
    '0806': 'rsa_pss_sha512',
    '0805': 'rsa_pss_sha384',
    '0804': 'rsa_pss_sha256',
    '0603': 'ecdsa_sha512',
    '0602': 'dsa_sha512',
    '0601': 'rsa_sha512',
    '0503': 'ecdsa_sha384',
    '0502': 'dsa_sha384',
    '0501': 'rsa_sha384',
    '0403': 'ecdsa_sha256',
    '0402': 'dsa_sha256',
    '0401': 'rsa_sha256',
    '0303': 'ecdsa_sha224',
    '0302': 'dsa_sha224',
    '0301': 'rsa_sha224',
    '0203': 'ecdsa_sha1',
    '0202': 'dsa_sha1',
    '0201': 'rsa_sha1',
    '0103': 'ecdsa_md5',
    '0102': 'dsa_md5',
    '0101': 'rsa_md5',
    '0000': 'anonymous_none'
}

TLS_CERTIFICATE_STATUS_TYPE = {
    '00': 'reserved',
    '01': 'ocsp',
    '02': 'ocsp_multi',
}

TLS_EC_POINT_FORMATS = {
    '00': 'uncompressed',
    '01': 'ansiX962_compressed_prime',
    '02': 'ansiX962_compressed_char2',
}

TLS_SUPPORTED_GROUPS = {
    0: 'Unassigned',
    1: 'sect163k1',
    2: 'sect163r1',
    3: 'sect163r2',
    4: 'sect193r1',
    5: 'sect193r2',
    6: 'sect233k1',
    7: 'sect233r1',
    8: 'sect239k1',
    9: 'sect283k1',
    10: 'sect283r1',
    11: 'sect409k1',
    12: 'sect409r1',
    13: 'sect571k1',
    14: 'sect571r1',
    15: 'secp160k1',
    16: 'secp160r1',
    17: 'secp160r2',
    18: 'secp192k1',
    19: 'secp192r1',
    20: 'secp224k1',
    21: 'secp224r1',
    22: 'secp256k1',
    23: 'secp256r1',
    24: 'secp384r1',
    25: 'secp521r1',
    26: 'brainpoolP256r1',
    27: 'brainpoolP384r1',
    28: 'brainpoolP512r1',
    29: 'x25519',
    30: 'x448',
    256: 'ffdhe2048',
    257: 'ffdhe3072',
    258: 'ffdhe4096',
    259: 'ffdhe6144',
    260: 'ffdhe8192',
    65281: 'arbitrary_explicit_prime_curves',
    65282: 'arbitrary_explicit_char2_curves',
    2570: 'GREASE', # GREASE compatibility groups
    6682: 'GREASE',
    10794: 'GREASE',
    14906: 'GREASE',
    19018: 'GREASE',
    23130: 'GREASE',
    27242: 'GREASE',
    31354: 'GREASE',
    35466: 'GREASE',
    39578: 'GREASE',
    43690: 'GREASE',
    47802: 'GREASE',
    51914: 'GREASE',
    56026: 'GREASE',
    60138: 'GREASE',
    64250: 'GREASE',
}

TLS_PSK_KEY_EXCHANGE_MODES = {
    0: 'psk_ke',
    1: 'psk_dhe_ke',
}

TLS_CURVE_TYPE = {
    3: 'named_curve',
}


